Cyber Security Awareness and Vulnerabilities Blog

In a previous blog post, I described how I bypassed the patch for the first fix for CVE-2018-15422. That bypass was also discovered by other researchers. You can check that out in Cisco’s updated advisory. Now, WebExec was the name given to…

What is Penetration Testing? Penetration testing is a direct test of an application, a device, a website, an organization, and even the people that work at an organization. It first involves attempting to identify and then attempting to exploit different security weaknesses that can…

As an exploit writer, one of my tasks consists of gathering common vulnerabilities and exposures (CVE) and all of the information related to them in order to design an exploit for Core Impact. As part of this process I stumbled across CVE-2018-15422: A…

These days it seems like there are security solutions for almost everything except the one thing you can never fully secure - humans. But, while you can’t control everything they open or click on, you can control their access to your sensitive data.…

Identity Governance and Administration is a complex and growing set of solutions that are put in place to help your organization stay compliant with government or industry regulations and, perhaps more importantly, help secure your organization. However, with every new solution, there are…

This week Core Access Insight (AI) was named as a leader in the KuppingerCole Leadership Compass for Access Governance and Intelligence. In addition, we’re proud to report the product was named as a leader in three categories – Product, Innovation, and Overall Leader…

When conducting a penetration test, most testers will develop some type of process, and repeat that same process on every engagement. As I think through the basics of penetration testing, I believe that process can be broken up into six steps. They are: Information…

Here is the summary of all exploits released since April 2nd, the last Dot Release: 16 Updates overall: 9 Remote exploits, 4 Client-Side exploits, 3 Product updates. Here is the list of published updates: Remote Exploits: Disk Pulse Enterprise GET Buffer Overflow Exploit; Disk Savvy Enterprise Buffer Overflow Exploit; DiskBoss Enterprise Buffer…

Identity Governance & Administration (IGA) is commonly defined as “the policy-based centralized orchestration of user identity management and access control. Identity governance helps support enterprise IT security and regulatory compliance.” Or put into simpler terms, it’s putting in place a solution to ensure that…